Hi Lari Agree with you, thanks
Thanks Yubiao Feng On Fri, Apr 19, 2024 at 12:35 AM Lari Hotari <lhot...@apache.org> wrote: > Hi, > > In the Pulsar broker and proxy, there is existing support for receiving > the original client IP address from a Load Balancer or Proxy that passes > this information in the TCP/IP connection using the HA Proxy Protocol. > This feature can be activated with the `haProxyProtocolEnabled=true` > setting. It was added in the Pulsar 2.8.0 release with PR 8686. > > However, similar support has been missing for HTTP/HTTPS connections. A > common security requirement is to log the client IP address information. > To meet this important requirement, I suggest that we make an exception > and cherry-pick support for logging the original client IP address for > HTTP/HTTPS REST API calls to the maintenance branches in Pulsar. > > I have prepared PR 22524 to add support for both the X-Forwarded-For > header (Layer 7 LB/proxy support) and the HA Proxy Protocol (Layer 4 > LB/proxy support) for HTTP/HTTPS connections. This PR is now under > review. > > https://github.com/apache/pulsar/pull/22524 > > I will leave the review open until tomorrow and then proceed with > cherry-picking the PR to the maintenance branches unless there are > objections to this plan. > > -Lari >
